SustainabilityEN | TH
Risk and Crisis Management
BDMS is committed to managing these challenges to ensure long-term and sustainable business operations,with a focus on the three key pillars of sustainability: Environmental, Social, and Governance (ESG). These elements are fundamental to addressing business challenges, driving sustainable growth, and reinforcing stakeholder and investor confidence across all groups.
BDMS has established a comprehensive risk management framework focusing on 3 key aspects to ensure business resilience and sustainability
| Established a clear governance structure to ensure swift and efficient risk management in a timely manner. | Developed a comprehensive risk management process by integrating multidisciplinary personnel across its operations | Committed to fostering a strong safety culture among all stakeholders, including employees, healthcare professionals, patients, and partners, to minimize and prevent potential risks. |
Risk Governance
The Company acknowledges the significance of risk management as an essential element of good corporate governance. Accordingly, the Company has defined clear roles and responsibilities for Enterprise Risk Management at both board oversight and operational levels. The Board of Directors has appointed the Risk Management Committee to scrutinize the Company’s risk management policy and directions, as well as to monitor and follow up the compliance of risk management policy and procedures. At the operational level, the Company follows the 'Three Lines of Defense' principle for risk management roles and responsibilities, as follows
Risk Governance Framework | Dedicated committee and roles | Roles and responsibilities |
| Board Oversight | Board of Director
|
|
| Risk Management Committee |
| |
| 1st Line of Defense | Front-line employees as risk owners such as Risk Manager, Patient Safety Coordinator |
|
| 2nd Line of Defense | Chief Administrative Officer and Enterprise Risk Management Steering Committee |
|
| 3rd Line of Defense | Internal Audit Director and Internal Audit Unit |
|
Or Scan QR Code
BDMS operates in line with the Risk Management Policy where the Board of Directors appoints the Enterprise Risk
Management Steering Committee, comprising of independent representatives from relevant departments as members of the Committee. Their responsibilities are to review and screen the risk management policy and guidelines in business operation, starting from risk identification and assessment, guideline establishment and integrated management throughout every organizational activity. The risk management performance is quarterly reported to the Risk Management Committee. Simultaneously, any emerging risks related to medical service business in line with global trends, population structure and business operation technologies must also be assessed. Furthermore, BDMS emphasizes proactive risk management approach as well as encourages the incident search procedure that may incur risks and prevent them from affecting any patients. Besides, BDMS promotes all employees, medical doctors, nurses, multidisciplinary professionals, including employees of the hospitals and of the business groups to collaboratively participate in quality activities to consistently improve medical treatment processes to deliver the utmost safety to all patients by taking into consideration the environmental, social and governance sustainability.
In 2023, BDMS also emphasized the safety of surgical and obstetric patients to ensure the quality management and development of pregnant women and obstetric patients in line with the standards of the company groups while performing into consideration the utmost safety of all patients. Consequently, BDMS reconsider “BDMS Safe pregnancy and Delivery Working Committee” and appoint the OB and GYN Safety Working Team as“BDMS Safe pregnancy and Delivery OB and GYN Working Committee” with the responsibility to determine treatment guidelines for pregnant women and child delivery, obstetrics and gynecology, including improvement of quality, knowledge, capabilities and skills in patient care as well as improve the operating results for mother and newborns according to the international standards.
Effective risk management is key in support of long-term operation plan and the organization’s flexibility. Owing to current risks and potential risks in the future, BDMS realizes the significance of risk management and takes into consideration 3 aspects of sustainability: namely, environmental, social and governance (ESG). These three aspects are deemed crucial components of good corporate governance and a key mechanism of any decision making and operation plans to minimize business risks. The process also helps lessen obstacles and unpredictable factors in terms of profits and operation while building trust among investors and every stakeholder group.
BDMS Risk Management Strategy
BDMS integrates key information and essential aspects of corporate risk management to identify critical business risks while assessing their short, medium, and long-term impact.
BDMS Categorization of 9 Major Corporate Risks
1.Strategic Risk
Risks from misaligned corporate strategy, action plans, or improper implementation affecting revenue, funding, business performance, and continuity. BDMS mitigates this through market analysis, adaptive strategies, and continuous evaluation to ensure sustainable growth.
2.Financial Risk
Risks arising from financial and accounting management, including currency fluctuations, interest rates, liquidity issues, and other accounting risks. BDMS mitigates these risks through robust financial planning, risk assessments, and adaptive financial strategies to ensure stability and sustainable growth.
3.Clinical and Patient Safety Risk
Risks that may impact patient safety during medical services, diagnosis, and treatment processes. BDMS mitigates these risks through strict adherence to medical standards, continuous staff training, advanced technology integration, and rigorous quality control measures to ensure safe and effective patient care.
4.Operational, Nonclinical, Physical Hazard, Environmental, and Disaster Risk
Risks that may cause losses or adverse events unrelated to patient care, including environmental factors, equipment failures, and internal operational issues such as human errors, system malfunctions, and process failures. Additionally, external threats like natural disasters or unforeseen incidents pose potential disruptions. BDMS mitigates these risks through strict operational protocols, continuous staff training, risk assessments, and emergency preparedness plans, ensuring efficiency, safety, and business continuity.
5.Environmental, Social, and Governance (ESG) Risk
Risks arising from environmental, social, and governance (ESG) factors that may impact business operations and long-term corporate sustainability. BDMS mitigates these risks through sustainable resource management, ethical business practices, regulatory compliance, and proactive stakeholder engagement, ensuring resilience and responsible growth.
6.Human Capital Risk
Risks related to labor shortages, including recruitment challenges, employee retention, skills development, and compensation management. BDMS mitigates these risks through strategic workforce planning, competitive benefits, continuous training programs, and employee engagement initiatives to ensure a skilled, motivated, and sustainable workforce.
7.Legal and Regulatory Risk
Risks arising from non-compliance with regulations, procedures, rules, and policies, which may lead to legal, financial, or reputational damage. BDMS mitigates these risks through strict regulatory adherence, continuous monitoring, employee training, and robust governance frameworks to ensure compliance and corporate integrity.
8.Reputation Risk
Risks that may harm the corporate image, especially when negative information spreads through various communication channels, including protests, critiques, or public scrutiny. Such risks can lead to diminished customer trust, negative public perception, and loss of investor confidence. BDMS mitigates these risks through proactive communication strategies, strong stakeholder engagement, crisis management planning, and continuous brand reputation monitoring to uphold public trust and corporate credibility.
9.Technology Risk
Risks associated with the use of information technology in business operations, including threats to confidentiality, integrity, and availability (CIA) of data and systems. These risks may result from cyber threats, security vulnerabilities, and system failures, potentially disrupting business operations. BDMS mitigates these risks through robust cybersecurity measures, data protection policies, continuous system monitoring, and IT infrastructure enhancements to ensure secure and resilient digital operations.
Risk Management Processes
BDMS established Core System Risk Assessment and Hazard Vulnerability Analysis as guideline for risk management on clinical risks and risks related to core systems in hospitals. Risk management procedures are briefly described as followed.
1. Risk Identification
The department head and the committee responsible for critical systems are responsible for reviewing the working process, risks and factors from the occurrence or incidence report in the passing years, statistical indicators and experience from the external parties to determine potential impacts.
Risk factors are identified based on internal and external past events occurred. The data sources are obtained from updated in law and regulations, Occurrence report and Peer review
2. Risk Assessment are considered covering 2 factors
- Likelihood assessment: assess potential and frequency of impact occurrence
- Impact assessment: assess on quantity impact and quality impact in various aspects such as compliance to laws and regulations, safety, financial, strategic and operational and reputation
3. Risk Scoring and Risk Prioritization
Risk Scoring or Risk Prioritization are considered based on levels of likelihood and levels of impacts. Risk Scoring can be illustrated as 5 of risk levels with definitions with the maximum score at 25 points.
BDMS Occurrence Reporting
BDMS sets forth the occurrence reporting system for employees and related internal and external personnel in case of any risks or incidents in the business operations. All personnel have the responsibility to manage such incident in a timely manner and must report the incident through the specified channels, both online and regular, within 8 hours after such incident takes place, with the aim of investigation and data analysis on the impact level. The impacts can be categorized in clinical aspects, including other aspects as follows:
Each impact level results in different internal investigation methods. The occurrence will be reported to the executives on a monthly and quarterly basis.
The risk appetite is at level Low to Medium only (Risk score below and equal to 0 is acceptable and depends on hospitals aspects).
Audit of the risk management process
Internal Audit
The Audit Committee has roles and responsibilities, including ensuring that the Company has established suitable risk management and control systems that encompass the entire organization and suggesting appropriate and efficient management of risks associated with the Company’s business operations. Audit Committee has assigned the internal auditor team to set plan for the Company's annual audit. BDMS’s internal audit process is in accordance with International Professional Practices Framework (IPPF) by Institute of Internal Auditors. The internal audit plan covers reviewing the effectiveness of control, including IT reliance processes and non-IT reliance processes of hospital in BDMS groups and its subsidiaries. The project-based internal audit includes reviewing the effectiveness of the risk management process to assess control effectiveness and mitigation measures. The internal audit is conducted to check alignment of regulatory compliance and external relevant standards, such as regulatory requirements and international standards, such as IT Risk Management under ISO 27001, and requirements based on the Personal Data Protection Act 2012.
In 2024, the internal audit team conducted an assessment of the effectiveness of the control environment in several areas of BDMS’s operational modules. For example, in terms of non-IT-related modules, internal audits were performed to assess the appropriateness of controls in the maintenance process of medical equipment, budget management, revenue recognition, cash receipts, and cash disbursements in the Finance & Accounting department and Human Resource management. For IT-related modules, internal audits were conducted to ensure compliance with BDMS's Information Security Basic Requirements for the 17 actions taken covering information security management and data privacy management, as announced by the Information Security Management Committee (ISMC).
The internal audit process which cover risk management process are demonstrated below:
External Audit
BDMS's has engaged third-party auditors to assist with audit procedures on Risk Management process related to documented policies, procedure relevant to system/data access and the effectiveness of Information Technology operation systems and controls related to the Company’s information system and internal accounting control systems.
For more details, please refer to
>> Risk Response, Monitoring and Reporting Guidelines
>> Our Commitment to Maintaining Resilience against Risks and Change